Owned in 60 Seconds: From Network Guest to Windows Domain Admin presented at DEF CON 20

by Zachary Fasel

Tags: Security

Summary: Their systems were fully patched, their security team watching, and the amateur pentesters just delivered their compliant report. They thought their Windows domain was secure. They thought wrong.

Zack Fasel (played by none other than Angelina Jolie) brings a New Tool along with New methods to obtain Windows Integrated Authentication network requests and perform NTLM relaying both internally and externally. The Goal? Start off as a nobody and get domain admin (or sensitive data/access) in 60 seconds or less on a fully patched and typically secured Windows environment.

The Grand Finale? Zack demonstrates the ability to *externally* gain access to a Windows domain user's Exchange account simply by sending them an email, along with tips on how to protect yourself from these attacks.

In just one click of a link, one view of an email, or one wrong web request, this new toolset steals the identity of targeted users and leverages their access. Call your domain admins, hide your road warriors, and warn your internal users. Zack will change the way you think about Windows Active Directory security and trust relationships, driving you to further harden your systems and help you sleep at night.

Owned in 60 Seconds. Coming This Summer.